Office 365
Cyderes supports ingestion from Microsoft's Office 365 Management Activity API. This API provides audit logging for Microsoft Entra (formerly Azure Active Directory), Exchange, SharePoint, Teams, and Power BI, among other products. This information can be used to track user behaviors and monitor email for malicious entry points.
A full list of the available Activity API schemas and the data they represent can be found in Microsoft's documentation.
Azure App Prerequisite
For this integration, an Azure App must be created. More information about how to do that can be found in the documentation here.
Data Types
- OFFICE_365
Requirements
Validate that audit logging is turned on. This ensures that the Office 365 Management Activity API is available to Cyderes. The directions to validate this setting, as well as how to activate it, can be found in Microsoft's documentation.
Important: Workspace Admin permissions are required to complete the following steps.
The Cyderes Azure App requires certain permissions to access the Office 365 Management API. The steps for granting these permissions are outlined in Microsoft's documentation under the section titled "Specify the permissions your app requires to access the Office 365 Management APIs".
Please follow the steps there, along with the following directives for Steps 3 and 4.
- In Step 3, choose Application Permissions.
- In Step 4, check the boxes next to the following permissions:
  - ActivityFeed
  - ServiceHealth
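One way to confirm the grant took effect is to inspect the `roles` claim of an access token issued to the app for the Office 365 Management API. This is an added example, not Cyderes or Microsoft code: the function names and sample tokens are constructed for illustration, and the role names assume Microsoft's `ActivityFeed.Read`, `ActivityFeed.ReadDlp` and `ServiceHealth.Read` application permissions.

```python
import base64
import json

# Permission groups the page asks you to check in Step 4.
REQUIRED_GROUPS = ("ActivityFeed", "ServiceHealth")


def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_permission_groups(claims):
    """Return the required groups that have no application role in the token."""
    roles = claims.get("roles") or []  # app-only tokens list permissions here
    return [group for group in REQUIRED_GROUPS
            if not any(role.startswith(group + ".") for role in roles)]


def constructed_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: both groups granted, one group granted, and no
# application roles at all (what you see if Step 3 was not set to
# Application Permissions or admin consent was never given).
GOOD = constructed_token({"roles": ["ActivityFeed.Read", "ServiceHealth.Read"]})
PARTIAL = constructed_token({"roles": ["ActivityFeed.Read", "ActivityFeed.ReadDlp"]})
NO_ROLES = constructed_token({"appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    for name, token in (("GOOD", GOOD), ("PARTIAL", PARTIAL), ("NO_ROLES", NO_ROLES)):
        missing = missing_permission_groups(decode_claims(token))
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
```
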
Recommended Settings
Please validate that mailbox auditing is on by default. Mailbox auditing ensures that Exchange events are more descriptive and detailed. The directions to validate this and how to manage mailbox audit settings can be found in Microsoft's documentation.
Gather Information
Provide the following Cyderes Azure App information to Cyderes:
- Identity (Azure Active Directory App)
- Application (client) ID
- Directory (tenant) ID
- Secret ID
- Secret Value